In a letter to the affected customers and the Office of the Vermont Attorney General, Michael A. Chiaramonte, director of finance billing operations, wrote: “We recently determined that one of our employees violated our strict privacy and security guidelines by accessing your account without authorization in August 2014.”

Chiaramonte adds that the now former employee would have also been able to view customer’s Custom Proprietary Network Information (CPNI)—the information related to the telecommunications services they have purchased.

The company states it is still unaware of how many consumers may have been affected but has notified federal law enforcement.

Additionally, AT&T will dismiss any unauthorized charges or changes to customer accounts that have been impacted by the breach, as well as offering one year of free credit monitoring.

AT&T customers are urged to change their account passcodes or to add one, in order to access their accounts online, via phone customer service or in-store.

The incident is the second compromise this year that was carried out by an employee misusing their access to the sensitive customer information. Earlier this year, AT&T confirmed that three employees of one of its vendors accessed customer’s personal information, including call records, in an effort to attain AT&T codes to unlock phones.